Attempts to update vCenter to 7.0 Update 3c, Update 3d, Update 3e or Update 3f fail with "invalid type expected string instead got none type"
Patchrunner.log, located in /var/log/vmware/applmgmt/, contains the following error stack:
2022-07-18 06:39:31,586.586Z content-library:Patch ERROR vmware_b2b.patching.executor.hook_executor Patch hook 'content-library:Patch' failed. Traceback (most recent call last): File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/py/vmware_b2b/patching/executor/hook_executor.py", line 74, in executeHook executionResult = systemExtension(args) File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/libs/sdk/extensions.py", line 106, in __call__ result = self.extension(*args) File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/libs/sdk/extensions.py", line 123, in _func return func(*args) File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/payload/components-script/content-library/__init__.py", line 279, in execute_patch register_cls() File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/payload/components-script/content-library/patches/add_new_cls_privileges.py", line 151, in register_cls reg_info.registerAll(solution_user_name, solution_user_id, service_id=service_id) File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/payload/components-script/content-library/patches/cis_register.py", line 387, in registerAll self.registerUserAndService(user_name, user_id, service, service_id=service_id) File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/payload/components-script/content-library/patches/cis_register.py", line 422, in registerUserAndService create_sso_groups(service_spec) File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/payload/components-script/content-library/patches/cis_register.py", line 623, in create_sso_groups authz_patch.assign_groups_to_roles(service_spec['group-role']) File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/payload/components-script/content-library/patches/cis_register.py", line 591, in assign_groups_to_roles self.domain_name, role, group, True) File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 706, in set_permission self._authz_service) File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 685, in create_access_control role_ids.append(role_objs_dict[rolename]) KeyError: 'com.vmware.Content.Registry.Admin' 2022-07-18T06:39:31.597Z ERROR vmware_b2b.patching.phases.patcher Patch hook Patch got ComponentWrapperError. Traceback (most recent call last): File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/py/vmware_b2b/patching/phases/patcher.py", line 203, in patch _patchComponents(ctx, userData, statusAggregator.reportingQueue) File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/py/vmware_b2b/patching/phases/patcher.py", line 85, in _patchComponents executeComponentHook(Hook.Patch, ctx, c, userData, reportingQueue) File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/py/vmware_b2b/patching/executor/execution_facade.py", line 98, in executeComponentHook reportQueue, identifier, expectedResultType) File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/py/vmware_b2b/patching/executor/execution_facade.py", line 53, in executeHook result = executor.executeHook(scriptFile, hook, args, reportQueue, reportIdentifier) File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/py/vmware_b2b/patching/executor/hook_executor_process.py", line 119, in executeHook raise ex patch_errors.ComponentError 2022-07-18T06:39:32.601Z WARNING root stopping status aggregation... 2022-07-18T06:39:32.602Z ERROR __main__ Patch vCSA failed
This error can occur when one of more of the default roles in vCenter have been modified, resulting in their vmwAuthzRoleName property being different from what it should be.
The update installer uses this property to identify the roles to use them when reregistering the services during the update, and will fail when it cannot find a specific role.
To resolve this problem you can apply the following steps:
# /opt/likewise/bin/ldapsearch -b "cn=RoleModel,cn=VmwAuthz,cn=Services,dc=vsphere,dc=local" -s sub -D "cn=Administrator,cn=Users,dc=vsphere,dc=local" -W | grep -A 4 com.vmware.Content.Admin
vmwAuthzRoleName: com.vmware.Content.Admin
vmwAuthzRoleDescription: Administrator user for Content Library
objectClass: top
objectClass: vmwAuthzRole
cn: 1649641290
Note down the value next to "cn: ", highlighted in green in the example above. This is the role ID.
/opt/likewise/bin/ldapmodify -x -h localhost -p 389 -D 'cn=Administrator,cn=Users,dc=vsphere,dc=local' -W << EOF
dn: cn=-1615445737,cn=RoleModel,cn=VmwAuthz,cn=services,dc=vsphere,dc=local
changetype: modify
replace: vmwAuthzRoleName
vmwAuthzRoleName: com.vmware.Content.Admin
EOF
/opt/likewise/bin/ldapmodify -x -h localhost -p 389 -D 'cn=Administrator,cn=Users,dc=vsphere,dc=local' -W << EOF
dn: cn=1649641290,cn=RoleModel,cn=VmwAuthz,cn=services,dc=vsphere,dc=local
changetype: modify
replace: vmwAuthzRoleName
vmwAuthzRoleName: com.vmware.Content.Admin
EOF
# cd /tmp/
# chmod +x repair_roles.sh
# ./repair_roles.sh
Note: While running, the script will ask you for the LDAP password multiple times (8, to be specific). Each time, please enter the password for of the [email protected] account (or of the administrator account of your SSO domain, in case said SSO domain has been named differently).